The demise of the “unsinkable” Titanic serves as a timeless lesson to credit unions about potential pitfalls they might not see coming, says Michael Rasmussen, principal of GRC 20/20 Research.
Credit union governance, risk, and compliance (GRC) provides a framework for diligently monitoring a multiplicity of influences that could disrupt sound operating models and strategies—an approach that might have prevented one of history’s most famous disasters.
“The analogy here is that we are complicated business with many working parts, and their many areas where things can go wrong,” says Rasmussen, who addressed a general session at CUNA’s Governance, Risk Management, and Compliance Leadership Institute in Denver. “We need to see the big picture and the interconnectedness of risk.”
The Titanic was hailed as unsinkable; prior to its tragic maiden voyage, captain E.J. Smith stated, “Never in our history have we harnessed such formidable technology.”
“There was overconfidence in the ship’s design,” Rasmussen says. “How often are we overconfident in our business strategy and execution?”
Just as the Titanic was affected by external factors—an iceberg being the most obvious—credit unions also must react to outside influences, be they natural disasters such as hurricanes or human-driven problems brought about through social media.
Likewise, third-party risks affect credit unions, just as they did the Titanic. The iron ore that formed the ship’s rivets were of brittle and inferior quality, which compromised its seams. Meantime, data breaches form near-constant reminders of the third-party risks credit unions face.
Faulty oversight and auditing—the ability and willingness to scan the sea for danger—also played a part in the Titanic’s sinking, according to Rasmussen.
“How often do we have good technology available to us that we are not using to monitor our environments?” Rasmussen sys. “The Titanic had that technology, in the form of binoculars, but didn’t use it.”
Sometimes, simple ignorance opens the door to disasters. The Titanic received numerous telegraphs from other ships warning of icebergs. “One of the literal responses from the Titanic was, ‘Shut up. We’re tired of hearing about it,’” Rasmussen says. “Regarding risk and compliance in our environments, how often do you hear credit union managers say, ‘That’s not going to happen to us?’”
More than ever, a multiplicity of risk exposures affects the way credit unions run their businesses—thus the need for GRC, Rasmussen says.
“If the Titanic were able to address one or two of those issues, it might have avoided disaster. We too, need to be able to see the big picture of risk, interconnected of risk,” Rasmussen says. “Those little unforeseen things can cause significant damage and loss to the credit union.”